Some of the world's biggest companies have major website security issues

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
52,064
26
pchelpforum.net
Cybercriminals have taken over more than 240 website subdomains belonging to some of the world's biggest brands and organizations in an effort to redirect users to malware, adult content, online gambling and other unexpected content.

As reported by The Register, the organizations who had their subdomains hijacked include Chevron, the Red Cross, UNESCO, 3M, Arm, Warner Brothers, Honeywell, Toshiba, Xerox, NHS, Volvo, Siemens and others.

The problem is not that the websites of these businesses and organizations were hijacked but that their DNS entries have been, due to the way they were hosted in Microsoft's Azure cloud.


This has been an ongoing problem for Azure-hosted sites and back in March of this year, Microsoft accidentally allowed hundreds of its own subdomains to fall into the hands of spammers who used their reputation to try and rank higher in search results.

Hijacked subdomains


The list of hijacked subdomains shared with The Register was created by US security researcher Zach Edwards who reported the URLs to Microsoft as well as the affected organizations at the end of June.

According to Edwards, a large number of the subdomains on his list appear to have been taken over by a single group that has been operating for years. He provided further insight on his discovery to the news outlet, saying:

"They are used by an international criminal group who does lots of things with them. Some pages redirect to malware, some redirect to porn or casinos or other potential clients that pay them for inbound links, some direct to malicious chrome extensions, or cracked software. It's clearly automated: they have hit tons of organizations, and uploaded tons of malware. I've warned a bunch of organizations that their biggest fear should be this legacy group partnering with some other group that is more destructive.”

The group often tries to hide their presence after hijacking a subdomain by making the root URL show a 404 error or even a “coming soon message”. Edwards says that around 20 percent of the subdomains on his list have been shut down and Microsoft as well as the affected organizations are likely hard at work trying to shut down the rest.


Via The Register

Continue reading...